plugins-scaffolding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill describes adding and installing marketplaces and plugins from public GitHub repos and arbitrary git URLs (see "Plugin Source Types" / "Distribution Methods" and examples like "/plugin marketplace add owner/repo" and git URL sources), which means the agent can fetch and load untrusted, user-provided plugin manifests and markdown commands/skills that it will read and execute.